Re: [Clamav-users] Progressive scan ?

2006-05-02 Thread Matt Fretwell
On Mon, 24 Apr 2006 13:16:57 +0200
Roman ZARAGOCI wrote:

> > > For example, I would want to scan only new files added to home
> > > directories or by checking the modification date of files.
> > > Maybe someone has already made this sort of script ?
> >
> > If you run something like:
> >
> >    find /home -mtime -2 -type f -print0 | xargs -0 clamdscan
>
> I've got a specific problem with my script, let me explain what it
> does :
>
> 1) # First, the script builds a text file named file1 containing all
> files modified in the last day
> find /home -mtime -1 -type f > /tmp/file1
>
> 2) # Then, the command grep excludes all lines containing mail (to
> not scan mail files - too long and already scanned by another program)
> grep -v mail /tmp/file1 > /tmp/file2
>
> 3) # Because clamdscan needs a single line as parameter to specify
> files/directories to scan, I apply this :
> while read line; do echo -e "\"$line\" \c"; done < file2
>
> So, the file named file2 contains a single line with this format :
> /home/first file /home/second file ...
> I add a double-quote to scan files with spaces.
>
> But when I do :
> while read line; do echo -e "\"$line\" \c"; done < file2 | xargs -0
> clamdscan
> clamdscan replies :
>
> [...] /home/tbigo/some file.exe /home/updvir/update.ini
> /home/updvir/dat-4746.zip : File name too long


 Your scripting skills are somewhat flaky :) This is not an exemplary
method/script, but should give you a general idea, keeping the general
context of your script.

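#!/bin/sh

# List files modified in the last day, then drop any path containing "mail"
find /home -mtime -1 -type f > /tmp/file1
filelist=`grep -v mail /tmp/file1`

# Split the list on newlines only and disable globbing, so that names
# containing spaces or wildcard characters reach clamdscan intact
IFS='
'
set -f

for x in ${filelist}
do
    clamdscan "${x}"
done

#End of file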

 The above has no particular semantics or such, but gives a basis to
work from.


Matt

p.s: Before anyone starts pointing out problems with the above quick
 script, it was not meant to be a scripting reference, just a vague
 guideline/concept :)
___
http://lurker.clamav.net/list/clamav-users.html


Re: [Clamav-users] Progressive scan ?

2006-04-24 Thread Roman ZARAGOCI

Chuck Swiger wrote:

> Roman ZARAGOCI wrote:
> [ ... ]
> > For example, I would want to scan only new files added to home
> > directories or by checking the modification date of files.
> >
> > Maybe someone has already made this sort of script ?
>
> If you run something like:
>
>    find /home -mtime -2 -type f -print0 | xargs -0 clamdscan

I've got a specific problem with my script, let me explain what it does :

1) # First, the script builds a text file named file1 containing all
files modified in the last day
find /home -mtime -1 -type f > /tmp/file1

2) # Then, the command grep excludes all lines containing mail (to not
scan mail files - too long and already scanned by another program)
grep -v mail /tmp/file1 > /tmp/file2

3) # Because clamdscan needs a single line as parameter to specify
files/directories to scan, I apply this :
while read line; do echo -e "\"$line\" \c"; done < file2

So, the file named file2 contains a single line with this format :
/home/first file /home/second file ...
I add a double-quote to scan files with spaces.

But when I do :
while read line; do echo -e "\"$line\" \c"; done < file2 | xargs -0
clamdscan
clamdscan replies :

[...] /home/tbigo/some file.exe /home/updvir/update.ini
/home/updvir/dat-4746.zip : File name too long

--- SCAN SUMMARY ---
Infected files: 0
Time: 0.007 sec (0 m 0 s)

Clamdscan doesn't understand that it is a list of files. When I do it
manually, that works fine.

I hope I was understandable, and excuse me for my scholarly English level :)

Thanks again for your help ;) This list has very efficient users !
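
The "File name too long" reply above is what `xargs -0` produces when its input contains no NUL bytes: the whole quoted line is handed to clamdscan as a single file name. The following added example (not code from any poster in this thread) shows that next to a NUL-delimited pipeline with the same `mail` exclusion; the `scanner` parameter and the constructed sample tree are assumptions so it can be dry-run without clamd.

```shell
#!/bin/sh
# Added example, not from the thread. The scanner argument of scan_recent
# is an assumption that lets a stand-in command replace clamdscan.

# Build a small constructed tree: two ordinary files (one with a space in
# its name) and one file under a mail directory. Prints the tree's root.
make_sample_tree() {
    d=$(mktemp -d) || return 1
    mkdir -p "$d/home/tbigo/mail"
    : > "$d/home/tbigo/some file.exe"
    : > "$d/home/tbigo/update.ini"
    : > "$d/home/tbigo/mail/inbox"
    printf '%s\n' "$d/home"
}

# The thread's approach: join quoted names onto one line, then xargs -0.
# No NUL byte ever appears, so xargs sees a single item and the command
# receives one argument holding the whole line.
args_from_joined_line() {
    find "$1" -type f ! -path '*mail*' |
        while IFS= read -r line; do printf '"%s" ' "$line"; done |
        xargs -0 sh -c 'echo "$#"' _
}

# NUL-terminated names straight from find: one argument per file,
# whatever spaces or quotes the names contain.
args_from_nul_list() {
    find "$1" -type f ! -path '*mail*' -print0 |
        xargs -0 sh -c 'echo "$#"' _
}

# Incremental scan: files under root modified within the last N days,
# skipping any path containing "mail" (as grep -v mail did). -r keeps
# xargs from running the scanner when nothing matched.
scan_recent() {
    root=$1 days=$2 scanner=${3:-clamdscan}
    find "$root" -type f -mtime "-$days" ! -path '*mail*' -print0 |
        xargs -0 -r "$scanner"
}
```

From cron, `scan_recent /home 1` corresponds to the nightly job discussed in the thread; passing `ls` as the third argument lists what would be scanned.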



Re: [Clamav-users] Progressive scan ?

2006-04-21 Thread Roman ZARAGOCI

Dennis Peterson wrote:
> I run a tripwire-like tool at unpredictable times and use the results
> to scan the differences. It beats anything else I've tried.

It seems to be the right tool to use on my system. Could you send me the
tripwire-like script you are using ? I found several tools and I don't
know which one to use. Is it a specific package ?


Thanks for your answers ;)


> dp


Re: [Clamav-users] Progressive scan ?

2006-04-21 Thread Dennis Peterson

Roman ZARAGOCI wrote:

> Dennis Peterson wrote:
> > I run a tripwire-like tool at unpredictable times and use the results
> > to scan the differences. It beats anything else I've tried.
>
> It seems to be the right tool to use on my system. Could you send me the
> tripwire-like script you are using ? I found several tools and I don't
> know which one to use. Is it a specific package ?
>
>
> Thanks for your answers ;)


It isn't a script - it is Cfengine and is found at cfengine.org. It is 
sufficiently complex that this function is not enough reason to install 
it, but Tripwire will also work and is a simple install. In Solaris 
systems there is the aset tool which does similar things. These are 
basic Unix security tools and are worth running for no other reason, but 
they produce useful output for ClamAV scans.


dp



[Clamav-users] Progressive scan ?

2006-04-20 Thread Roman ZARAGOCI

Hi,

Maybe, it's not a clamav related question.
Is it possible to do a progressive scan with clamdscan using a script or 
something else ?
For example, I would want to scan only new files added to home
directories or by checking the modification date of files.

Maybe someone has already made this sort of script ?

Thanks for helping me :)

Best regards,

Romano


Re: [Clamav-users] Progressive scan ?

2006-04-20 Thread Chuck Swiger

Roman ZARAGOCI wrote:
> [ ... ]
> For example, I would want to scan only new files added to home
> directories or by checking the modification date of files.
>
> Maybe someone has already made this sort of script ?


If you run something like:

   find /home -mtime -2 -type f -print0 | xargs -0 clamdscan

...via cron each night, that ought to suit your requirements...?

[ Or perhaps use -mtime -8 and scan weekly, etc. ]

--
-Chuck


Re: [Clamav-users] Progressive scan ?

2006-04-20 Thread Per Jessen
Roman ZARAGOCI wrote:

> Maybe, it's not a clamav related question.
> Is it possible to do a progressive scan with clamdscan using a script
> or something else ?

An incremental scan?

> For example, I would want to scan only new files added to home
> directories or by checking the modification date of files.

Sounds like you could do with a simple combination of clamav and the
find command.  


/Per Jessen, Zürich



Re: [Clamav-users] Progressive scan ?

2006-04-20 Thread Dennis Peterson

Roman ZARAGOCI wrote:

> Hi,
>
> Maybe, it's not a clamav related question.
> Is it possible to do a progressive scan with clamdscan using a script or
> something else ?
> For example, I would want to scan only new files added to home
> directories or by checking the modification date of files.
>
> Maybe someone has already made this sort of script ?
>
> Thanks for helping me :)



I run a tripwire-like tool at unpredictable times and use the results to 
scan the differences. It beats anything else I've tried.


dp